71
kurtr
7y

If you thought your legacy code was bad, this is what I'm dealing with. The below SQL is stored in a cookie on login and executed to on every further request to determine the user / privileges.

Comments
  • 1
    Oh.....wow
  • 31
    Now that's a unique approach that shows thinking outside the box. Too bad it's so stupid.
  • 16
    Oh.. That's cute.
    Now kill it, with napalm.
  • 1
    Wow. What the actual fuck! 😆
  • 5
    That could be fun, cookies can be changed clientside so i hope there is some sanity checks in place.
  • 7
    Sweet baby jesus 😱

    You guys are gonna getting hacked as fuck!
  • 12
    @ItsNotMyFault No checks - also has public registration and the db user is admin with full privileges.
  • 1
    Wait... what????!?!
  • 9
    Never have I thought that someone DESERVES to have all their tables dropped.
  • 1
    @Fydrenak one can hope the connected user is at least not privileged enough..
  • 0
    I'm impressed... that's a very creative way to fuck things up
  • 1
    @lotd user? You mean that thing that says 'root'?
  • 1
    @ocab19 don't see it in that picture.

    But yeah, it wouldn't surprise me if the database is connected on root...
  • 0
    Maybe the developer who wrote that code, didn't get paid or the client was shit.
  • 1
    @pajaja Times like these you'd kill for a box. ;)
Add Comment